# Hacking Android Labs

### IPC (Inter-Process Communication) <a href="#el_1710671879067_369" id="el_1710671879067_369"></a>

> Android Attack Surface

<table><thead><tr><th width="148">NAME</th><th width="192">INFO</th><th width="271">VULNERABILITIES</th><th width="100" data-type="checkbox">TODO</th></tr></thead><tbody><tr><td><a href="https://www.mobilehackinglab.com/course/lab-iot-connect">IoT Connect</a></td><td><strong>Exported broadcast receivers</strong></td><td>Exported Broadcast Receiver + cifrado AES/ECB débil</td><td>true</td></tr><tr><td><a href="https://www.mobilehackinglab.com/course/lab-strings">Strings</a></td><td><strong>Exported Activities</strong></td><td>Exported Activity + deep link + Frida + SharedPreferences (hooking dinámico)</td><td>true</td></tr><tr><td><a href="https://www.mobilehackinglab.com/course/lab-cyclic-scanner">Cyclic Scanner</a></td><td><strong>Exported Services</strong></td><td>Exported Service + command injection via filename</td><td>true</td></tr><tr><td><a href="https://www.mobilehackinglab.com/course/lab-secure-notes">Secure Notes</a></td><td><strong>Exported Content Providers</strong></td><td>Exported Content Provider + brute force PIN 4 dígitos</td><td>false</td></tr><tr><td><a href="https://www.mobilehackinglab.com/course/lab-guess-me">Guess Me</a></td><td><strong>Deep link hijacking</strong></td><td>Deep link hijacking + WebView + JavaScript bridge → RCE</td><td>true</td></tr></tbody></table>

### Code Issues <a href="#el_1710672597753_624" id="el_1710672597753_624"></a>

> Below vulnerabilities are a result of code issues and [Insufficient Input/Output Validation](https://owasp.org/www-project-mobile-top-10/2023-risks/m4-insufficient-input-output-validation.html) from OWASP.

<table><thead><tr><th>NAME</th><th>INFO</th><th>VULNERABILITIES</th><th data-type="checkbox">TODO</th></tr></thead><tbody><tr><td><a href="https://www.mobilehackinglab.com/course/lab-food-store">Food Store</a></td><td><strong>SQL injection</strong></td><td>SQL Injection + base de datos SQLite insegura</td><td>false</td></tr><tr><td><a href="https://www.mobilehackinglab.com/course/lab-postboard">Post Board</a></td><td><strong>Cross-site scripting (XSS) / WebView</strong></td><td>XSS via innerHTML + WebView + command injection (JavaScript bridge)</td><td>false</td></tr><tr><td><a href="https://www.mobilehackinglab.com/course/lab-tokenbleed">TokenBleed</a></td><td>Web View / JavaScript bridge</td><td>WebView bridge + deep link interception → robo de JWT</td><td>false</td></tr><tr><td><a href="https://www.mobilehackinglab.com/course/lab-document-viewer-rce">Document Viewer</a></td><td><strong>Path Traversal / Remote Code Execution</strong></td><td>Path traversal via URI + native library + escritura arbitraria de archivos</td><td>false</td></tr><tr><td><a href="https://www.mobilehackinglab.com/course/lab-notekeeper">Notekeeper</a></td><td><strong>Buffer Overflow / Insufficient Binary Protections</strong></td><td>Buffer overflow + command injection + JNI/native code</td><td>false</td></tr></tbody></table>

### Platform issues <a href="#el_1710673534641_763" id="el_1710673534641_763"></a>

<table><thead><tr><th>NAME</th><th>INFO</th><th>VULNERABILITIES</th><th data-type="checkbox">TODO</th></tr></thead><tbody><tr><td><a href="https://www.mobilehackinglab.com/course/lab-config-editor-rce">Config Editor</a></td><td><strong>Insecure third party libraries</strong></td><td>YAML deserialization (CVE-2022-1471) → RCE via SnakeYaml</td><td>false</td></tr></tbody></table>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://eldeim.gitbook.io/brain_fuck/notes/certifications/eastereggs/mobile-hacking-lab/capt-android-penetration-tester/hacking-android-labs.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.